Description
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function.
Recommendation
Update the devcert package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.1.1
- Patched version(s): 1.1.2
References
Related Issues
- rollbar vulnerable to prototype pollution - CVE-2025-57325
- Prebid.js NPM package briefly compromised - CVE-2025-59038
- devalue prototype pollution vulnerability - CVE-2025-57820
- js-toml Prototype Pollution Vulnerability - CVE-2025-54803
- Tags:
- npm
- devcert
Anything's wrong? Let us know Last updated on February 01, 2023